I wrote the following to illustrate how easy it is for IDS to identify Nmap OS detection, and the difficulty in detecting Xprobe OS detection. While Xprobe would be my favorite OS detection tool, a lot of work needs . . .
I wrote the following to illustrate how easy it is for IDS to identify Nmap OS detection, and the difficulty in detecting Xprobe OS detection. While Xprobe would be my favorite OS detection tool, a lot of work needs to be done, especially when fingerprinting a given netblock. Xprobe does not ping the target, it will send UPD packet to all hosts within the given netblock. This can be used to identify Xprobe (but it is still difficult to distinguish Xprobe from other scanners). When fingerprinting a host that is known to be alive, Xprobe is very efficient and fast, compared to Nmap.